CVE-2025-5559 – WordPress TimeZoneCalculator Stored Cross-Site Scripting Vulnerability

June 26, 2025

CVE ID : CVE-2025-5559

Published : June 26, 2025, 2:15 a.m. | 2 hours, 52 minutes ago

Description : The TimeZoneCalculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘timezonecalculator_output’ shortcode in all versions up to, and including, 3.37 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5535 – WordPress e.nigma buttons Stored Cross-Site Scripting

Next Article CVE-2025-5540 – WordPress Event RSVP and Simple Event Management Plugin Stored Cross-Site Scripting Vulnerability

Highlights

CVE-2025-6882 – D-Link DIR-513 Buffer Overflow Vulnerability

June 30, 2025

CVE ID : CVE-2025-6882

Published : June 30, 2025, 3:15 a.m. | 2 hours, 52 minutes ago

Description : A vulnerability classified as critical has been found in D-Link DIR-513 1.0. This affects an unknown part of the file /goform/formSetWanPPTP. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I changed these 6 settings on my iPad to significantly improve its battery life

DistroWatch Weekly, Issue 1134

3 portable power stations I travel everywhere with (and how they differ)

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

CVE-2025-5559 – WordPress TimeZoneCalculator Stored Cross-Site Scripting Vulnerability

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

Generate Eloquent Models from Database Markup Language Files

Master Image Processing in Node.js Using Sharp for Fast Web Apps

CVE-2025-5862 – Tenda AC7 PPTP Form Set Buffer Overflow Vulnerability

CVE-2025-7149 – Campcodes Advanced Online Voting System SQL Injection Vulnerability

CVE-2025-6882 – D-Link DIR-513 Buffer Overflow Vulnerability

Install VirtualBox on Kali Linux

CVE-2025-23099 – Samsung Exynos OOB Write Vulnerability

CVE-2025-5699 – WordPress Developer Formatter Stored Cross-Site Scripting Vulnerability

CVE-2025-5559 – WordPress TimeZoneCalculator Stored Cross-Site Scripting Vulnerability

Related Posts